Revert "Add standard newline/quoting behavior to dotenv store"

[autrilla]

Reverts #622

It seems based on #702 and #705 this change was not backwards compatible. I suggest we revert, make a new release and remove 3.6.0 from our Releases page.

[autrilla]

cc @scjudd who contributed the code that is accidentally backwards incompatible. I feel for now reverting is the best course of action, but we would be happy to take a modification of your original PR that doesn't have this issue.

[codecov-commenter]

Codecov Report

Merging #706 into develop will decrease coverage by 1.97%.
The diff coverage is 90.47%.

@@             Coverage Diff             @@
##           develop     #706      +/-   ##
===========================================
- Coverage    38.26%   36.28%   -1.98%     
===========================================
  Files           23       22       -1     
  Lines         3335     3205     -130     
===========================================
- Hits          1276     1163     -113     
+ Misses        1929     1922       -7     
+ Partials       130      120      -10     

Impacted Files	Coverage Δ
stores/dotenv/store.go	32.45% <90.47%> (+7.45%)	⬆️
stores/flatten.go	87.28% <0.00%> (-4.24%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6b9e168...fa29bc8. Read the comment docs.

[ajvb]

@autrilla imo lets release v3.6.1

[etiennetremel]

@ajvb @autrilla When do you expect to release v3.6.1?

[shadiramadan]

This was a major breaking change for us and a waste of time to root cause. Either re-release 3.5 as 3.7 or if a fix is already made release it as 3.7. Please don't leave a broken release just sitting there as you will cause headaches for another poor soul.

I also recommend following: https://semver.org/

Specifically- do not pretend a release never existed- release a new version.

[autrilla]

I can't make releases of sops anymore since I do not work for Mozilla.

I don't think semver says anything about removing versions from our download page. 3.6.0 exists and will continue to exist, but we don't want users downloading it. We do use semver for our versioning already.

[shadiramadan]

Here is a temporary workaround if someone needs it:

sops -d secrets.enc.env | sed -e "s/='/=/" -e "s/'$//" > secret.env

[shadiramadan]

I don't think semver says anything about removing versions from our download page

No it doesn't and you should leave 3.6.0 up. But it should at least be called out that it is broken on the release page and make a new release without the major breaking change.

Who does still work on this project? sops is a great concept and very useful already.

[mltsy]

@ajvb is there someone else you can prod for a point release?

[mltsy]

@autrilla @ajvb @jvehent - any clues as to what's going on behind the scenes here? Can anyone give a quick sense of what the normal release schedule looks like or if release have been suspended for some reason, etc.? It's totally understandable that workflows can get a little off kilter based on human circumstances, especially right now - just some communication would be great!

Should we plan to live without a release of this for a significantly longer period of time (or fork the repo, or whatever makes sense)? Or is work underway to get the release gears turning again? Thanks for any insight you can provide!

[mltsy]

Oh, well 💩 - I guess Mozilla laying off 250 people might have something to do with it, huh? Yikes!

Is anybody on this project still employed?? 🙁

[autrilla]

I haven’t worked for Mozilla for over a year and I’ve still contributed to the project. That said, I haven’t been able to do releases since I left, for good reason. AFAIK there are contributors that are still employed by Mozilla — if not, I’m sure we can get someone to take over the project or move it to another organization.

[mltsy]

Thanks! Well hopefully one of the other two folks can get word from someone who works at Mozilla. It looks like @mozcloudsec has been doing the releases - I assume that's a service bot, so I guess it's anyone's guess who is actually capable of making a release 🤷‍♂️

Hey @mozcloudsec can you release 3.6.1 please? 🤖 😉

[ajvb]

@mltsy It's pretty hectic right now. I am currently the main Mozilla-employed maintainer right now and I am still here.

To be completely frank with you, sops issues that do not affect Mozilla are fairly low priority right now. There will be a release, but it may not be for a couple of weeks. I'm about to go on vacation and do not want to ship a new release right before leaving, as I am currently the only one familiar with sops who can ship a release.

[shadiramadan]

Thanks for weighing in @ajvb and providing some clarity.

may not be for a couple of weeks

This little workaround is holding our org over so I'm OK (not that I have a choice) waiting.

sops -d secrets.enc.env | sed -e "s/='/=/" -e "s/'$//" > secret.env

Have a great vacation! I only ask that you set a reminder for after 😄

[shadiramadan]

Oh you know what that workaround only works for secrets with a single env entry. I will be reverting to 3.5.0...

[ajvb]

@mltsy @shadiramadan @etiennetremel v3.6.1 is out with this fix - https://github.com/mozilla/sops/releases/tag/v3.6.1

[javierjulio]

@ajvb thanks! I submitted Homebrew/homebrew-core#61126 to include the 3.6.1 release.